Java Code Examples for org.apache.cxf.rs.security.jose.jws.JwsHeaders#setKeyId()
The following examples show how to use
org.apache.cxf.rs.security.jose.jws.JwsHeaders#setKeyId() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: DefaultJoseImpl.java From thorntail with Apache License 2.0 | 6 votes |
|
@Override
public String sign(SignatureInput input) {
JwsHeaders headers = new JwsHeaders();
headers.asMap().putAll(input.getHeaders());
if (!config.signatureDataEncoding()) {
headers.setPayloadEncodingStatus(false);
}
if (config.includeSignatureKeyAlias()) {
headers.setKeyId(signatureKeyAlias());
}
Properties props = prepareSignatureVerificationProperties(JoseOperation.SIGN);
headers.setSignatureAlgorithm(SignatureAlgorithm.getAlgorithm(config.signatureAlgorithm()));
JwsSignatureProvider provider = getSignatureProvider(props, headers);
return DEFAULT_JOSE_FORMAT == config.signatureFormat()
? signCompact(provider, headers, input.getData()) : signJson(provider, headers, input.getData());
}
Example 2
| Source File: ApacheCXFProducer.java From cxf with Apache License 2.0 | 6 votes |
|
public void produceJWS(String keyType, String signatureAlgorithm, Serialization serialization, String plainText,
String jwksJson) {
JsonWebKeys keys = JwkUtils.readJwkSet(jwksJson);
JsonWebKey key = getRequestedKeyType(keyType, keys).orElseThrow(IllegalArgumentException::new);
// Sign
JwsHeaders jwsHeaders = new JwsHeaders();
jwsHeaders.setKeyId(key.getKeyId());
jwsHeaders.setAlgorithm(signatureAlgorithm);
switch (serialization) {
case COMPACT:
produceCompactJWS(plainText, key, jwsHeaders);
break;
case FLATTENED:
produceJsonJWS(plainText, key, jwsHeaders, true);
break;
case JSON:
produceJsonJWS(plainText, key, jwsHeaders, false);
break;
default:
throw new IllegalArgumentException("Serialization not supported: " + serialization);
}
}
Example 3
| Source File: TestJwts.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
static String createSigned(JwtToken baseJwt, JsonWebKey jwk, JwsSignatureProvider signatureProvider) {
JwsHeaders jwsHeaders = new JwsHeaders();
JwtToken signedToken = new JwtToken(jwsHeaders, baseJwt.getClaims());
jwsHeaders.setKeyId(jwk.getKeyId());
return new JoseJwtProducer().processJwt(signedToken, null, signatureProvider);
}
Example 4
| Source File: TestJwts.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
|
static String createSignedWithPeculiarEscaping(JwtToken baseJwt, JsonWebKey jwk) {
JwsSignatureProvider signatureProvider = JwsUtils.getSignatureProvider(jwk);
JwsHeaders jwsHeaders = new JwsHeaders();
JwtToken signedToken = new JwtToken(jwsHeaders, baseJwt.getClaims());
// Depends on CXF not escaping the input string. This may fail for other frameworks or versions.
jwsHeaders.setKeyId(jwk.getKeyId().replace("/", "\\/"));
return new JoseJwtProducer().processJwt(signedToken, null, signatureProvider);
}
Example 5
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testRSAv15Signature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.RS256);
compactProducer.getJwsHeaders().setKeyId(RSA_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(),
RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey rsaKey = keys.get(1);
compactProducer.signWith(rsaKey);
assertEquals(compactProducer.getSignedEncodedJws(),
RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + RSA_V1_5_SIGNATURE_VALUE);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey,
SignatureAlgorithm.RS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.RS256);
protectedHeader.setKeyId(RSA_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey,
SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
}
Example 6
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testHMACSignature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(),
HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
compactProducer.signWith(key);
assertEquals(compactProducer.getSignedEncodedJws(),
HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + HMAC_SIGNATURE_VALUE);
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
protectedHeader.setKeyId(HMAC_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Example 7
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("deprecation")
@Test
public void testDetachedHMACSignature() throws Exception {
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD, true);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
compactProducer.getJwsHeaders().setKeyId(HMAC_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(),
HMAC_SIGNATURE_PROTECTED_HEADER + ".");
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
compactProducer.signWith(key);
assertEquals(compactProducer.getSignedEncodedJws(), DETACHED_HMAC_JWS);
JwsCompactConsumer compactConsumer =
new JwsCompactConsumer(compactProducer.getSignedEncodedJws(), ENCODED_PAYLOAD);
assertTrue(compactConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
protectedHeader.setKeyId(HMAC_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(true), HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Example 8
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testDetachedHMACSignature2() throws Exception {
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD, false, true);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
protectedHeader.setKeyId(HMAC_KID_VALUE);
String jwsJsonCompleteSequence =
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jwsJsonCompleteSequence, HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument(), ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true, true);
String jwsJsonFlattenedSequence =
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256), protectedHeader);
assertEquals(jwsJsonFlattenedSequence, HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jwsJsonFlattenedSequence, ENCODED_PAYLOAD);
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Example 9
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
JwsHeaders unprotectedHeader = new JwsHeaders();
unprotectedHeader.setKeyId(HMAC_KID_VALUE);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
protectedHeader, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Example 10
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
|
@Test
public void testProtectingContentOnlySignature() throws Exception {
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders unprotectedHeader = new JwsHeaders();
unprotectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
unprotectedHeader.setKeyId(HMAC_KID_VALUE);
JsonWebKeys jwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey key = keys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
null, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_CONTENT_ONLY_JSON_GENERAL_SERIALIZATION);
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(key, SignatureAlgorithm.HS256),
null, unprotectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument(),
PROTECTING_CONTENT_ONLY_JSON_FLATTENED_SERIALIZATION);
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(key, SignatureAlgorithm.HS256));
}
Example 11
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 4 votes |
|
@Test
public void testRSAPSSSignature() throws Exception {
try {
Cipher.getInstance(AlgorithmUtils.PS_SHA_384_JAVA);
} catch (Throwable t) {
Security.addProvider(new BouncyCastleProvider());
}
JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.PS384);
compactProducer.getJwsHeaders().setKeyId(RSA_KID_VALUE);
JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()), RSA_PSS_SIGNATURE_PROTECTED_HEADER_JSON);
assertEquals(compactProducer.getUnsignedEncodedJws(),
RSA_PSS_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey rsaKey = keys.get(1);
compactProducer.signWith(rsaKey);
assertEquals(compactProducer.getSignedEncodedJws().length(),
(RSA_PSS_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "." + RSA_PSS_SIGNATURE_VALUE).length());
JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
assertTrue(compactConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders protectedHeader = new JwsHeaders();
protectedHeader.setSignatureAlgorithm(SignatureAlgorithm.PS384);
protectedHeader.setKeyId(RSA_KID_VALUE);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_GENERAL_SERIALIZATION.length());
JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
jsonProducer = new JwsJsonProducer(PAYLOAD, true);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.PS384), protectedHeader);
assertEquals(jsonProducer.getJwsJsonSignedDocument().length(), RSA_PSS_JSON_FLATTENED_SERIALIZATION.length());
jsonConsumer = new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.PS384));
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
Example 12
| Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 4 votes |
|
@Test
public void testMultipleSignatures() throws Exception {
try {
Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
} catch (Throwable t) {
Security.addProvider(new BouncyCastleProvider());
}
try {
JwsJsonProducer jsonProducer = new JwsJsonProducer(PAYLOAD);
assertEquals(jsonProducer.getPlainPayload(), PAYLOAD);
assertEquals(jsonProducer.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);
JwsHeaders firstSignerProtectedHeader = new JwsHeaders();
firstSignerProtectedHeader.setSignatureAlgorithm(SignatureAlgorithm.RS256);
JwsHeaders firstSignerUnprotectedHeader = new JwsHeaders();
firstSignerUnprotectedHeader.setKeyId(RSA_KID_VALUE);
JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
List<JsonWebKey> keys = jwks.getKeys();
JsonWebKey rsaKey = keys.get(1);
jsonProducer.signWith(JwsUtils.getSignatureProvider(rsaKey, SignatureAlgorithm.RS256),
firstSignerProtectedHeader, firstSignerUnprotectedHeader);
assertEquals(jsonProducer.getSignatureEntries().get(0).toJson(),
FIRST_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
JwsHeaders secondSignerUnprotectedHeader = new JwsHeaders();
secondSignerUnprotectedHeader.setSignatureAlgorithm(SignatureAlgorithm.ES512);
secondSignerUnprotectedHeader.setKeyId(ECDSA_KID_VALUE);
JsonWebKey ecKey = keys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(ecKey, SignatureAlgorithm.ES512),
null, secondSignerUnprotectedHeader);
assertEquals(new JsonMapObjectReaderWriter().toJson(
jsonProducer.getSignatureEntries().get(1).getUnprotectedHeader()),
SECOND_SIGNATURE_UNPROTECTED_HEADER_MULTIPLE_SIGNATURES);
assertEquals(jsonProducer.getSignatureEntries().get(1).toJson().length(),
SECOND_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES.length());
JwsHeaders thirdSignerProtectedHeader = new JwsHeaders();
thirdSignerProtectedHeader.setSignatureAlgorithm(SignatureAlgorithm.HS256);
thirdSignerProtectedHeader.setKeyId(HMAC_KID_VALUE);
JsonWebKeys secretJwks = readKeySet("cookbookSecretSet.txt");
List<JsonWebKey> secretKeys = secretJwks.getKeys();
JsonWebKey hmacKey = secretKeys.get(0);
jsonProducer.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
thirdSignerProtectedHeader);
assertEquals(jsonProducer.getSignatureEntries().get(2).toJson(),
THIRD_SIGNATURE_ENTRY_MULTIPLE_SIGNATURES);
assertEquals(jsonProducer.getJwsJsonSignedDocument().length(),
MULTIPLE_SIGNATURES_JSON_GENERAL_SERIALIZATION.length());
JwsJsonConsumer jsonConsumer =
new JwsJsonConsumer(jsonProducer.getJwsJsonSignedDocument());
JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
List<JsonWebKey> publicKeys = publicJwks.getKeys();
JsonWebKey rsaPublicKey = publicKeys.get(1);
JsonWebKey ecPublicKey = publicKeys.get(0);
assertTrue(jsonConsumer.verifySignatureWith(rsaPublicKey, SignatureAlgorithm.RS256));
assertTrue(jsonConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
assertTrue(jsonConsumer.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
} finally {
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
}
}
